“One of the important things about keeping these voices alive is that you shouldn’t be able to silence one point of view just by launching an attack.”
That was a statement by Project Shield team lead George Conard. The ‘voices’ in which Conard was referring to represents the many independent news and human rights sites which are susceptible to DDOS attacks often sponsored by governments as a way of censorship of unfavourable news.
Extra: In Distributed Denial of Service (DDOS) attacks, multiple computers and Internet connections (often infected with a Trojan) are used to flood the targeted resource. DDoS attacks can come in varying forms through traffic attacks, bandwidth attacks or application attacks. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users. These type of attacks can be used for a number of reasons, be it to threaten companies into complying with the demands of a criminal group, to inconvenience a targeted organization, or commonly as a way to censor online content.
Project Shield forms one of the products under Jigsaw (previously known as Google Ideas when it was first established back in 2010). For those who the name ‘Jigsaw’ and ‘Project Shield’ may be still unfamiliar to you, Jigsaw is deemed as Google’s tech incubator with a mission “to tackle the toughest geopolitical challenges, from countering violent extremism to thwarting online censorship to mitigating the threats associated with digital attacks”. Many of the Jigsaw’s team current aims are efforts to protect access to information, such as through the Project Shield; contributions to open-source efforts like uProxy, which lets people share access to the free and open internet; and Password Alert, which helps protect against phishing.
Project Shield was first announced in 2013 but was still in a testing phase with selected organisations. It was proposed as a tool for the estimated 100 participating sites at the time who were often linked to ‘controversial topics’ such as human rights, election monitoring and independent political news. Project Shield’s initial initiative was to allow small, under-resourced news sites vulnerable to DDoSes deployed by governments and political movements as a means to route their traffic through Google, especially for independent news sites in autocratic and developing nations. While similar services are offered on other cloud platforms from Cloudfare to Amazon but they are charging services by the byte, because the protection under Google Shield is free, it was developed to help the smaller organisations in mind who may not have had the money, resources and expertise to fight against the growing epidemic of DDoS attacks.
Extra: ‘DDoS-for-Hire Services’ can cost as little as $USD2 per hour, or $USD800 per month for massive and longstanding attacks.
Since a blog posting last Thursday by Jared Cohen, the President of Jigsaw, Cohen confirmed that Project Shield is now finally coming out of its invite-only beta phase to offer its free cyberattack protection to not just small independent sites, but also virtually any news site that requests it are welcome to join.
Project Shield would utilise Google’s security infrastructure to detect and filter for any DDoS attacks. Wired explains how once an outlet joins and pre-registers with Project Shield, it would be able to change its domain name configuration so that visitors are redirected to a Google server, which in turn acts as a sort of “reverse proxy” that can “filter out malicious traffic and cache some elements of the site to lighten the load on the website’s own computers”. By making a change in DNS, publishers can route all their traffic through Google, whereby any traffic coming through the site is routed through the Google-owned intermediate “reverse proxy” server that can filter out malicious traffic. Google would act as the man-in-the-middle for the publisher’s traffic, decrypting and re-encrypting it in transit. With this, Google is optimistic that it would be able to move towards steps in protecting free journalism, and ultimately improve upon “the health of the Internet by mitigating against a significant threat for publishers and people who want to publish content that some might find inconvenient”. Nonetheless, routing a site’s traffic through Google would also mean that the site at hand would be unavailable in countries whose censorship regime blocks all Google IP addresses.
Nothing comes free in life, hey, so what’s the catch Google?
“This isn’t about revenue,” Jigsaw president, Jared Cohen, clarifies. Naturally, whenever the prospect of something ‘free’ is at hand, it is bound to raise a couple of eyebrows, especially for Google’s privacy critics. As the involvement of any site in Project Shield requires giving Google access to data about who visits the news site, the company reassures that it only uses data from its proxy service to improve the service and provide usage stats to publishers, and all raw logs it collects from the reverse proxy service will be kept for a maximum of two weeks before it is stored only in aggregate form for the sake of learning more about DDOS attack patterns. They have also claimed to commit not to use any data in which they have collected through Project Shield for advertising programs.
Jigsaw asserts that keeping news sites safe from DDOS attacks fits into Google’s central purpose and continuance of the company’s mission; of not just being the ultimate portal in the search of news and information, but to also be able to lead knowledge-seekers to it as well as ensure it is online and readily available when they reach it.
Do you guys think Project Shield would be here to save the day for the future of free journalism?
 Google’s Blog
 Digital Trends
 Boing Boing
 Security Week